/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 */

package java.net;

import java.io.ObjectInputStream;
import java.io.IOException;
import java.util.List;
import java.util.ArrayList;
import java.util.Collections;
import java.security.Permission;

/**
 * Represents permission to access a resource or set of resources defined by a
 * given url, and for a given set of user-settable request methods
 * and request headers. The <i>name</i> of the permission is the url string.
 * The <i>actions</i> string is a concatenation of the request methods and headers.
 * The range of method and header names is not restricted by this class.
 * <p><b>The url</b><p>
 * The url string has the following expected structure.
 * <pre>
 *     scheme : // authority [ / path ]
 * </pre>
 * <i>scheme</i> will typically be http or https, but is not restricted by this
 * class.
 * <i>authority</i> is specified as:
 * <pre>
 *     authority = [ userinfo @ ] hostrange [ : portrange ]
 *     portrange = portnumber | -portnumber | portnumber-[portnumber] | *
 *     hostrange = ([*.] dnsname) | IPv4address | IPv6address
 * </pre>
 * <i>dnsname</i> is a standard DNS host or domain name, ie. one or more labels
 * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and
 * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt">
 * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters.
 * The <i>dnsname</i> specification can be preceded by "*." which means
 * the name will match any hostname whose right-most domain labels are the same as
 * this name. For example, "*.oracle.com" matches "foo.bar.oracle.com"
 * <p>
 * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports
 * that this permission applies to. If portrange is absent or invalid, then a default
 * port number is assumed if the scheme is {@code http} (default 80) or {@code https}
 * (default 443). No default is assumed for other schemes. A wildcard may be specified
 * which means all ports.
 * <p>
 * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
 * creating a URLPermission, and has no effect on any other methods defined by this class.
 * <p>
 * The <i>path</i> component comprises a sequence of path segments,
 * separated by '/' characters. <i>path</i> may also be empty. The path is specified
 * in a similar way to the path in {@link java.io.FilePermission}. There are
 * three different ways as the following examples show:
 * <table border>
 * <caption>URL Examples</caption>
 * <tr><th>Example url</th><th>Description</th></tr>
 * <tr><td style="white-space:nowrap;">http://www.oracle.com/a/b/c.html</td>
 * <td>A url which identifies a specific (single) resource</td>
 * </tr>
 * <tr><td>http://www.oracle.com/a/b/*</td>
 * <td>The '*' character refers to all resources in the same "directory" - in
 * other words all resources with the same number of path components, and
 * which only differ in the final path component, represented by the '*'.
 * </td>
 * </tr>
 * <tr><td>http://www.oracle.com/a/b/-</td>
 * <td>The '-' character refers to all resources recursively below the
 * preceding path (eg. http://www.oracle.com/a/b/c/d/e.html matches this
 * example).
 * </td>
 * </tr>
 * </table>
 * <p>
 * The '*' and '-' may only be specified in the final segment of a path and must be
 * the only character in that segment. Any query or fragment components of the
 * url are ignored when constructing URLPermissions.
 * <p>
 * As a special case, urls of the form, "scheme:*" are accepted to
 * mean any url of the given scheme.
 * <p>
 * The <i>scheme</i> and <i>authority</i> components of the url string are handled
 * without regard to case. This means {@link #equals(Object)},
 * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect
 * to these components. If the <i>authority</i> contains a literal IP address,
 * then the address is normalized for comparison. The path component is case sensitive.
 * <p><b>The actions string</b><p>
 * The actions string of a URLPermission is a concatenation of the <i>method list</i>
 * and the <i>request headers list</i>. These are lists of the permitted request
 * methods and permitted request headers of the permission (respectively). The two lists
 * are separated by a colon ':' character and elements of each list are comma separated.
 * Some examples are:
 * <pre>
 *         "POST,GET,DELETE"
 *         "GET:X-Foo-Request,X-Bar-Request"
 *         "POST,GET:Header1,Header2"
 * </pre>
 * The first example specifies the methods: POST, GET and DELETE, but no request headers.
 * The second example specifies one request method and two headers. The third
 * example specifies two request methods, and two headers.
 * <p>
 * The colon separator need not be present if the request headers list is empty.
 * No white-space is permitted in the actions string. The action strings supplied to
 * the URLPermission constructors are case-insensitive and are normalized by converting
 * method names to upper-case and header names to the form defines in RFC2616 (lower case
 * with initial letter of each word capitalized). Either list can contain a wild-card '*'
 * character which signifies all request methods or headers respectively.
 * <p>
 * Note. Depending on the context of use, some request methods and headers may be permitted
 * at all times, and others may not be permitted at any time. For example, the
 * HTTP protocol handler might disallow certain headers such as Content-Length
 * from being set by application code, regardless of whether the security policy
 * in force, permits it.
 *
 * @since 1.8
 */
public final class URLPermission extends Permission {

  private static final long serialVersionUID = -2702463814894478682L;

  private transient String scheme;
  private transient String ssp;                 // scheme specific part
  private transient String path;
  private transient List<String> methods;
  private transient List<String> requestHeaders;
  private transient Authority authority;

  // serialized field
  private String actions;

  /**
   * Creates a new URLPermission from a url string and which permits the given
   * request methods and user-settable request headers.
   * The name of the permission is the url string it was created with. Only the scheme,
   * authority and path components of the url are used internally. Any fragment or query
   * components are ignored. The permissions action string is as specified above.
   *
   * @param url the url string
   * @param actions the actions string
   * @throws IllegalArgumentException if url is invalid or if actions contains white-space.
   */
  public URLPermission(String url, String actions) {
    super(url);
    init(actions);
  }

  private void init(String actions) {
    parseURI(getName());
    int colon = actions.indexOf(':');
    if (actions.lastIndexOf(':') != colon) {
      throw new IllegalArgumentException("invalid actions string");
    }

    String methods, headers;
    if (colon == -1) {
      methods = actions;
      headers = "";
    } else {
      methods = actions.substring(0, colon);
      headers = actions.substring(colon + 1);
    }

    List<String> l = normalizeMethods(methods);
    Collections.sort(l);
    this.methods = Collections.unmodifiableList(l);

    l = normalizeHeaders(headers);
    Collections.sort(l);
    this.requestHeaders = Collections.unmodifiableList(l);

    this.actions = actions();
  }

  /**
   * Creates a URLPermission with the given url string and unrestricted
   * methods and request headers by invoking the two argument
   * constructor as follows: URLPermission(url, "*:*")
   *
   * @param url the url string
   * @throws IllegalArgumentException if url does not result in a valid {@link URI}
   */
  public URLPermission(String url) {
    this(url, "*:*");
  }

  /**
   * Returns the normalized method list and request
   * header list, in the form:
   * <pre>
   *      "method-names : header-names"
   * </pre>
   * <p>
   * where method-names is the list of methods separated by commas
   * and header-names is the list of permitted headers separated by commas.
   * There is no white space in the returned String. If header-names is empty
   * then the colon separator will not be present.
   */
  public String getActions() {
    return actions;
  }

  /**
   * Checks if this URLPermission implies the given permission.
   * Specifically, the following checks are done as if in the
   * following sequence:
   * <ul>
   * <li>if 'p' is not an instance of URLPermission return false</li>
   * <li>if any of p's methods are not in this's method list, and if
   * this's method list is not equal to "*", then return false.</li>
   * <li>if any of p's headers are not in this's request header list, and if
   * this's request header list is not equal to "*", then return false.</li>
   * <li>if this's url scheme is not equal to p's url scheme return false</li>
   * <li>if the scheme specific part of this's url is '*' return true</li>
   * <li>if the set of hosts defined by p's url hostrange is not a subset of
   * this's url hostrange then return false. For example, "*.foo.oracle.com"
   * is a subset of "*.oracle.com". "foo.bar.oracle.com" is not
   * a subset of "*.foo.oracle.com"</li>
   * <li>if the portrange defined by p's url is not a subset of the
   * portrange defined by this's url then return false.
   * <li>if the path or paths specified by p's url are contained in the
   * set of paths specified by this's url, then return true
   * <li>otherwise, return false</li>
   * </ul>
   * <p>Some examples of how paths are matched are shown below:
   * <table border>
   * <caption>Examples of Path Matching</caption>
   * <tr><th>this's path</th><th>p's path</th><th>match</th></tr>
   * <tr><td>/a/b</td><td>/a/b</td><td>yes</td></tr>
   * <tr><td>/a/b/*</td><td>/a/b/c</td><td>yes</td></tr>
   * <tr><td>/a/b/*</td><td>/a/b/c/d</td><td>no</td></tr>
   * <tr><td>/a/b/-</td><td>/a/b/c/d</td><td>yes</td></tr>
   * <tr><td>/a/b/-</td><td>/a/b/c/d/e</td><td>yes</td></tr>
   * <tr><td>/a/b/-</td><td>/a/b/c/*</td><td>yes</td></tr>
   * <tr><td>/a/b/*</td><td>/a/b/c/-</td><td>no</td></tr>
   * </table>
   */
  public boolean implies(Permission p) {
    if (!(p instanceof URLPermission)) {
      return false;
    }

    URLPermission that = (URLPermission) p;

    if (!this.methods.get(0).equals("*") &&
        Collections.indexOfSubList(this.methods, that.methods) == -1) {
      return false;
    }

    if (this.requestHeaders.isEmpty() && !that.requestHeaders.isEmpty()) {
      return false;
    }

    if (!this.requestHeaders.isEmpty() &&
        !this.requestHeaders.get(0).equals("*") &&
        Collections.indexOfSubList(this.requestHeaders,
            that.requestHeaders) == -1) {
      return false;
    }

    if (!this.scheme.equals(that.scheme)) {
      return false;
    }

    if (this.ssp.equals("*")) {
      return true;
    }

    if (!this.authority.implies(that.authority)) {
      return false;
    }

    if (this.path == null) {
      return that.path == null;
    }
    if (that.path == null) {
      return false;
    }

    if (this.path.endsWith("/-")) {
      String thisprefix = this.path.substring(0, this.path.length() - 1);
      return that.path.startsWith(thisprefix);
    }

    if (this.path.endsWith("/*")) {
      String thisprefix = this.path.substring(0, this.path.length() - 1);
      if (!that.path.startsWith(thisprefix)) {
        return false;
      }
      String thatsuffix = that.path.substring(thisprefix.length());
      // suffix must not contain '/' chars
      if (thatsuffix.indexOf('/') != -1) {
        return false;
      }
      if (thatsuffix.equals("-")) {
        return false;
      }
      return true;
    }
    return this.path.equals(that.path);
  }


  /**
   * Returns true if, this.getActions().equals(p.getActions())
   * and p's url equals this's url.  Returns false otherwise.
   */
  public boolean equals(Object p) {
    if (!(p instanceof URLPermission)) {
      return false;
    }
    URLPermission that = (URLPermission) p;
    if (!this.scheme.equals(that.scheme)) {
      return false;
    }
    if (!this.getActions().equals(that.getActions())) {
      return false;
    }
    if (!this.authority.equals(that.authority)) {
      return false;
    }
    if (this.path != null) {
      return this.path.equals(that.path);
    } else {
      return that.path == null;
    }
  }

  /**
   * Returns a hashcode calculated from the hashcode of the
   * actions String and the url string.
   */
  public int hashCode() {
    return getActions().hashCode()
        + scheme.hashCode()
        + authority.hashCode()
        + (path == null ? 0 : path.hashCode());
  }


  private List<String> normalizeMethods(String methods) {
    List<String> l = new ArrayList<>();
    StringBuilder b = new StringBuilder();
    for (int i = 0; i < methods.length(); i++) {
      char c = methods.charAt(i);
      if (c == ',') {
        String s = b.toString();
        if (s.length() > 0) {
          l.add(s);
        }
        b = new StringBuilder();
      } else if (c == ' ' || c == '\t') {
        throw new IllegalArgumentException("white space not allowed");
      } else {
        if (c >= 'a' && c <= 'z') {
          c += 'A' - 'a';
        }
        b.append(c);
      }
    }
    String s = b.toString();
    if (s.length() > 0) {
      l.add(s);
    }
    return l;
  }

  private List<String> normalizeHeaders(String headers) {
    List<String> l = new ArrayList<>();
    StringBuilder b = new StringBuilder();
    boolean capitalizeNext = true;
    for (int i = 0; i < headers.length(); i++) {
      char c = headers.charAt(i);
      if (c >= 'a' && c <= 'z') {
        if (capitalizeNext) {
          c += 'A' - 'a';
          capitalizeNext = false;
        }
        b.append(c);
      } else if (c == ' ' || c == '\t') {
        throw new IllegalArgumentException("white space not allowed");
      } else if (c == '-') {
        capitalizeNext = true;
        b.append(c);
      } else if (c == ',') {
        String s = b.toString();
        if (s.length() > 0) {
          l.add(s);
        }
        b = new StringBuilder();
        capitalizeNext = true;
      } else {
        capitalizeNext = false;
        b.append(c);
      }
    }
    String s = b.toString();
    if (s.length() > 0) {
      l.add(s);
    }
    return l;
  }

  private void parseURI(String url) {
    int len = url.length();
    int delim = url.indexOf(':');
    if (delim == -1 || delim + 1 == len) {
      throw new IllegalArgumentException("invalid URL string");
    }
    scheme = url.substring(0, delim).toLowerCase();
    this.ssp = url.substring(delim + 1);

    if (!ssp.startsWith("//")) {
      if (!ssp.equals("*")) {
        throw new IllegalArgumentException("invalid URL string");
      }
      this.authority = new Authority(scheme, "*");
      return;
    }
    String authpath = ssp.substring(2);

    delim = authpath.indexOf('/');
    String auth;
    if (delim == -1) {
      this.path = "";
      auth = authpath;
    } else {
      auth = authpath.substring(0, delim);
      this.path = authpath.substring(delim);
    }
    this.authority = new Authority(scheme, auth.toLowerCase());
  }

  private String actions() {
    StringBuilder b = new StringBuilder();
    for (String s : methods) {
      b.append(s);
    }
    b.append(":");
    for (String s : requestHeaders) {
      b.append(s);
    }
    return b.toString();
  }

  /**
   * restore the state of this object from stream
   */
  private void readObject(ObjectInputStream s)
      throws IOException, ClassNotFoundException {
    ObjectInputStream.GetField fields = s.readFields();
    String actions = (String) fields.get("actions", null);

    init(actions);
  }

  static class Authority {

    HostPortrange p;

    Authority(String scheme, String authority) {
      int at = authority.indexOf('@');
      if (at == -1) {
        p = new HostPortrange(scheme, authority);
      } else {
        p = new HostPortrange(scheme, authority.substring(at + 1));
      }
    }

    boolean implies(Authority other) {
      return impliesHostrange(other) && impliesPortrange(other);
    }

    private boolean impliesHostrange(Authority that) {
      String thishost = this.p.hostname();
      String thathost = that.p.hostname();

      if (p.wildcard() && thishost.equals("")) {
        // this "*" implies all others
        return true;
      }
      if (that.p.wildcard() && thathost.equals("")) {
        // that "*" can only be implied by this "*"
        return false;
      }
      if (thishost.equals(thathost)) {
        // covers all cases of literal IP addresses and fixed
        // domain names.
        return true;
      }
      if (this.p.wildcard()) {
        // this "*.foo.com" implies "bub.bar.foo.com"
        return thathost.endsWith(thishost);
      }
      return false;
    }

    private boolean impliesPortrange(Authority that) {
      int[] thisrange = this.p.portrange();
      int[] thatrange = that.p.portrange();
      if (thisrange[0] == -1) {
                /* port not specified non http/s URL */
        return true;
      }
      return thisrange[0] <= thatrange[0] &&
          thisrange[1] >= thatrange[1];
    }

    boolean equals(Authority that) {
      return this.p.equals(that.p);
    }

    public int hashCode() {
      return p.hashCode();
    }
  }
}
